Stock markets plummeted, wiping nearly $200 billion off share values in minutes. How could this have happened?
People have an innate need to trust other people. The tweet came from a respected source, ergo it is true. Automated trading kicked in and, fortunately not for long, mayhem ensued.
The Syrian Electronic Army, the group claiming responsibility, also claims to have hacked CBS’s 60 Minutes and 48 Hours news tweets.
But the reality is that they probably did not hack the accounts at all. To gain access to a Twitter account, a password is needed, and you can be sure that AP's is a strong one at that.
How are passwords exposed?
It most likely came from an AP employee, whether willingly or not:
- Approximately 90% of all password breaches are due to bribery or extortion: the weakest link is from within. System administrators know this, but it’s a mammoth task to keep changing all passwords to all web sites etc. The solution is using things like biometrics to verify the user’s identity. See iTWire article
- Having your mobile device stolen while passwords are stored in notes or contacts. Mobile device management is becoming mandatory.
- It could have been a phishing email that convinced the employee to enter their password and login.
- It could have been malware that seeks out passwords.
Whatever the case, it is less likely to have come from a brilliant hacker typing very quickly.
How do you protect passwords?
Over the past few weeks I have been trialling this free software and am relatively convinced that it will work over all my computing platforms – Windows, Mac, Android, BlackBerry and more, albeit that the mobile versions require a premium subscription for the grand total of $12 per annum. Money well spent.
Still, that does not stop the weakest link.